Search results

Yes, they are plenty of other rules including the one Peter Debik suggested. I tried at first with the A in uppercase. But I got that, the Bad argument '1' Thanks

Thanks Eliamarsura, I don't use F2B, I use juggernauth firewall, so when I try to run your command, gives me this: iptables: No chain/target/match by that name. And if I change the -l for -a: Bad argument `1' He uses TONS, trust me tons of IP's, and "fresh" ones not listed in blacklists

I post here again as Peter Debik marked my past post as Resolved, but is not. I have a kind of annoying problem, in the past, my main server IP belong to a very known domain website, they move their website/email server to a new IP range and I got their IP assigned (didn't know about this when I...

If you use Postfix with main.cf would be OK. Normally here: /etc/postfix/main.cf

Hi Rasp, using this lines in config: smtpd_client_restrictions = permit_mynetworks, reject_rbl_client xxxxx.xxxx, permit_sasl_authenticated smtpd_delay_reject = no The xxxxx.xxxx reffers to the block list, I.E.: b.barracudacentral.org

Or maybe not ;) I figure it our in master.cf commented some lines in submission, and now, I can send email, and I can confirm 100% attacker is being blocked before SASL using the DNSBL Nice christmas gift after months fighting with them. Thanks @danami and have a Happy Christmas !

If I do the smtpd_delay_reject = no , then I can't send mail, got this in email client: 5.7.1 Client host rejected: Access denied Below a fragment of maillog of how the attacker tries everytime without problem the SMTP AUTH: Dec 24 01:14:08 sv postfix/smtps/smtpd[12538]: connect from...

100% sure. The main.cf and master.cf looks the same

Well... bad news, it works only for people trying to send mail, not for SASL AUTH/SMTP AUTH, they can still try to login without any problem being listed in the RBL/DNSBL

Hello @Peter Debik your solution works for a X time, after some hours or days, then stop working and again I need to create the rule, I guess some CRON is deleting it from Iptables or something, I did the iptables-save command, but still deletes it after X time. I´m using CSF and Juggernauth...

Just to confirm, yes it's working :) Log example: NOQUEUE: reject: RCPT from unknown[XXX.XX.XX.XX]: 554 5.7.1 Service unavailable; Client host [XXX.XX.XX.XX] blocked using (RBL List) Thanks @danami !

Appears to be working! I will maintain updated about results here, to anyone whishing the same. Thanks @danami

I did the steps before mentioned, it slow down the attempts, I still have some. Thanks anyway for your info, don't get me wrong, I just want to know my original question: My original question, is, "is there anyway to use DNSBL block list before SMTP AUTH attempts?" Maybe someone have a...

Yes, but I can't enable on 465 or 587. From the article: "Note: Postscreen listens on port 25 only, so authenticated users from port 587 or 465 won’t be affected by Postscreen." From the author: "No. Postscreen only works on port 25. Port 587 is used for SMTP Auth. It’s not used for receiving...

No, doesn’t work for my needs, my problem is not spammers, it’s a hacker. Post screen is nice working for 25 port, and spam, but not for before SMTP AUTH, that’s my problem, in SMTP AUTH attempts.

Yes, I have already months ago: 1.- To 15,000 IPs 2.- SMTP_AUTH = 1 I have a really good RBL that I checked a lot of times vs attacker IP's and my client IP's and it's 99% exact with the attacker IP's, so, yes a RBL will work if there's a way to block the SMTP AUTH using it.

Yep, I have them to 1 months ago, we don't have many clients, so in any false/positive is best for us to block all the wrong tries. But like I wrote, the have a LOT of IP's, it's a directed attack as they know the usernames, so is not kind of a "wide" attack, if we had the possibility to use...

Could be good idea, can you tell me how to disable SMTP AUTH on 25? Hmm it's spam? does this does what I'm looking for? I´m happy with Juggernauth, just lacking of this protection that could be useful.

Yeah I have added it, but the attacker really have lots and lots of IP's so no matter any range they have new ones :(

Thanks Peter, Yeah, would be great to accomplish this, I tried using Postfix main.cf, with these options added: smtpd_client_restrictions = permit_mynetworks, reject_rbl_client XXXX.XXX (RBL list) smtpd_delay_reject = no But at the end, it blocked all the attempts, not based on RBL